From patchwork Tue Sep 24 16:39:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1166737 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46d6R72psrz9sPL for ; Wed, 25 Sep 2019 02:40:53 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 86E8FDB2; Tue, 24 Sep 2019 16:40:14 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id ACA57DA5 for ; Tue, 24 Sep 2019 16:40:13 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E7B6A8A6 for ; Tue, 24 Sep 2019 16:40:12 +0000 (UTC) Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 14F7E7FDE9 for ; Tue, 24 Sep 2019 16:40:12 +0000 (UTC) Received: by mail-wr1-f69.google.com with SMTP id a4so823810wrg.8 for ; Tue, 24 Sep 2019 09:40:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=IiEQlclqqetUoTXqOvqHZTzDFHInBY6l4lyFGDzaL4Y=; b=RVDvYacMYsJ0t8YXDnxcwepCOyERKH3k17ifVUz3aYPGp2HxW1kNpeowEOmwg0wL8i 5Wr20BbZBsL783RBk9Df/GbJzS8yKRYv8PgyULCeMsMDpHuE4slFI4VAppxFPWjqZbnU sXnmgZumORsX46oHR7YUtmNPyb2lGXV9tkmjBGl4YdPoCrANgf0F5uEdU0htglrGckOV X5/Xz0uCZU8OgDAVP62jI5UDJvgSVGd1S8r6nm/uatwJtqe1Y38bayNU9AcqNBq5qCi9 EZdeL2N9Uy9FZvki6qhLwwpA1KRRsycKii4kbqn8/xAgfz1lGwZjQ+D2KLZgUXue/8VM GiYw== X-Gm-Message-State: APjAAAXNgmT8PiBI9bi+5SLYlUJzXKl0TqIUSctmlEysGNzxR/XhIdgv BPyrfdv99SJVl8ftJ7ApkHACLYGcPXvIFzo9XjaE3iV6UKsMGaPyERI3d0aSs3lxPvyeZUIi8+H CHtUN85yfsuWcrbxQwA== X-Received: by 2002:adf:df91:: with SMTP id z17mr3249422wrl.116.1569343210356; Tue, 24 Sep 2019 09:40:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqyW39JIO172Jd/3KtIvPXsERk262fFKNFnbTI3kipFrdQJpVRWaD+zVrDCvkuD8Low9Aqx0aA== X-Received: by 2002:adf:df91:: with SMTP id z17mr3249391wrl.116.1569343210027; Tue, 24 Sep 2019 09:40:10 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id 207sm789321wme.17.2019.09.24.09.40.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Sep 2019 09:40:09 -0700 (PDT) From: Lorenzo Bianconi To: ovs-dev@openvswitch.org Date: Tue, 24 Sep 2019 18:39:54 +0200 Message-Id: <1a3538a3253adf26f65b18a81b13451036c3986e.1569342607.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v2 ovn 1/3] Add egress QoS mapping for non-tunnel interfaces X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Introduce add_localnet_egress_interface_mappings routine in order to collect as egress interfaces all ovs bridge interfaces marked with ovn-egress-iface in the external_ids column of ovs interface table. ovn-egress-iface is used to indicate to which localnet ports QoS egress shaping has to be applied. Refactor add_bridge_mappings routine Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- controller/binding.c | 51 ++++++++++++++++++++++++- controller/binding.h | 4 ++ controller/ovn-controller.c | 3 +- controller/patch.c | 76 +++++++++++++++++++++---------------- controller/patch.h | 4 ++ 5 files changed, 103 insertions(+), 35 deletions(-) diff --git a/controller/binding.c b/controller/binding.c index 242163d59..aad9d39e6 100644 --- a/controller/binding.c +++ b/controller/binding.c @@ -18,6 +18,7 @@ #include "ha-chassis.h" #include "lflow.h" #include "lport.h" +#include "patch.h" #include "lib/bitmap.h" #include "openvswitch/poll-loop.h" @@ -532,6 +533,9 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn, /* Add all localnet ports to local_lports so that we allocate ct zones * for them. */ sset_add(local_lports, binding_rec->logical_port); + if (qos_map && ovs_idl_txn) { + get_qos_params(binding_rec, qos_map); + } } else if (!strcmp(binding_rec->type, "external")) { if (ha_chassis_group_contains(binding_rec->ha_chassis_group, chassis_rec)) { @@ -619,10 +623,48 @@ consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn, } } +static void +add_localnet_egress_interface_mappings( + const struct sbrec_port_binding *port_binding, + struct shash *bridge_mappings, struct sset *egress_ifaces) +{ + const char *network = smap_get(&port_binding->options, "network_name"); + if (!network) { + return; + } + + struct ovsrec_bridge *br_ln = shash_find_data(bridge_mappings, network); + if (!br_ln) { + return; + } + + /* Add egress-ifaces from the connected bridge */ + for (size_t i = 0; i < br_ln->n_ports; i++) { + const struct ovsrec_port *port_rec = br_ln->ports[i]; + + for (size_t j = 0; j < port_rec->n_interfaces; j++) { + const struct ovsrec_interface *iface_rec; + + iface_rec = port_rec->interfaces[j]; + bool is_egress_iface = smap_get_bool(&iface_rec->external_ids, + "ovn-egress-iface", false); + if (!is_egress_iface) { + continue; + } + sset_add(egress_ifaces, iface_rec->name); + } + } +} + static void consider_localnet_port(const struct sbrec_port_binding *binding_rec, + struct shash *bridge_mappings, + struct sset *egress_ifaces, struct hmap *local_datapaths) { + add_localnet_egress_interface_mappings(binding_rec, + bridge_mappings, egress_ifaces); + struct local_datapath *ld = get_local_datapath(local_datapaths, binding_rec->datapath->tunnel_key); @@ -655,6 +697,8 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, const struct ovsrec_bridge *br_int, const struct sbrec_chassis *chassis_rec, const struct sset *active_tunnels, + const struct ovsrec_bridge_table *bridge_table, + const struct ovsrec_open_vswitch_table *ovs_table, struct hmap *local_datapaths, struct sset *local_lports, struct sset *local_lport_ids) { @@ -663,6 +707,7 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, } const struct sbrec_port_binding *binding_rec; + struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings); struct shash lport_to_iface = SHASH_INITIALIZER(&lport_to_iface); struct sset egress_ifaces = SSET_INITIALIZER(&egress_ifaces); struct hmap qos_map; @@ -688,14 +733,18 @@ binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, } + add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings); + /* Run through each binding record to see if it is a localnet port * on local datapaths discovered from above loop, and update the * corresponding local datapath accordingly. */ SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) { if (!strcmp(binding_rec->type, "localnet")) { - consider_localnet_port(binding_rec, local_datapaths); + consider_localnet_port(binding_rec, &bridge_mappings, + &egress_ifaces, local_datapaths); } } + shash_destroy(&bridge_mappings); if (!sset_is_empty(&egress_ifaces) && set_noop_qos(ovs_idl_txn, port_table, qos_table, &egress_ifaces)) { diff --git a/controller/binding.h b/controller/binding.h index bae162ede..924891c1b 100644 --- a/controller/binding.h +++ b/controller/binding.h @@ -26,6 +26,8 @@ struct ovsdb_idl_txn; struct ovsrec_bridge; struct ovsrec_port_table; struct ovsrec_qos_table; +struct ovsrec_bridge_table; +struct ovsrec_open_vswitch_table; struct sbrec_chassis; struct sbrec_port_binding_table; struct sset; @@ -42,6 +44,8 @@ void binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn, const struct ovsrec_bridge *br_int, const struct sbrec_chassis *, const struct sset *active_tunnels, + const struct ovsrec_bridge_table *bridge_table, + const struct ovsrec_open_vswitch_table *ovs_table, struct hmap *local_datapaths, struct sset *local_lports, struct sset *local_lport_ids); bool binding_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn, diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 33ece59be..b46a1d151 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -1082,7 +1082,8 @@ en_runtime_data_run(struct engine_node *node) sbrec_port_binding_by_name, port_table, qos_table, pb_table, br_int, chassis, - active_tunnels, local_datapaths, + active_tunnels, bridge_table, + ovs_table, local_datapaths, local_lports, local_lport_ids); update_ct_zones(local_lports, local_datapaths, ct_zones, diff --git a/controller/patch.c b/controller/patch.c index a6770c6d5..f2053de7b 100644 --- a/controller/patch.c +++ b/controller/patch.c @@ -129,6 +129,48 @@ remove_port(const struct ovsrec_bridge_table *bridge_table, } } +void +add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table, + const struct ovsrec_bridge_table *bridge_table, + struct shash *bridge_mappings) +{ + const struct ovsrec_open_vswitch *cfg; + + cfg = ovsrec_open_vswitch_table_first(ovs_table); + if (cfg) { + const char *mappings_cfg; + char *cur, *next, *start; + + mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings"); + if (!mappings_cfg || !mappings_cfg[0]) { + return; + } + + next = start = xstrdup(mappings_cfg); + while ((cur = strsep(&next, ",")) && *cur) { + const struct ovsrec_bridge *ovs_bridge; + char *network, *bridge = cur; + + network = strsep(&bridge, ":"); + if (!bridge || !*network || !*bridge) { + VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'", + mappings_cfg); + break; + } + + ovs_bridge = get_bridge(bridge_table, bridge); + if (!ovs_bridge) { + VLOG_WARN("Bridge '%s' not found for network '%s'", + bridge, network); + continue; + } + + shash_add(bridge_mappings, network, ovs_bridge); + } + free(start); + } +} + /* Obtains external-ids:ovn-bridge-mappings from OVSDB and adds patch ports for * the local bridge mappings. Removes any patch ports for bridge mappings that * already existed from 'existing_ports'. */ @@ -142,41 +184,9 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn, const struct sbrec_chassis *chassis) { /* Get ovn-bridge-mappings. */ - const char *mappings_cfg = ""; - const struct ovsrec_open_vswitch *cfg; - cfg = ovsrec_open_vswitch_table_first(ovs_table); - if (cfg) { - mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings"); - if (!mappings_cfg || !mappings_cfg[0]) { - return; - } - } - - /* Parse bridge mappings. */ struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings); - char *cur, *next, *start; - next = start = xstrdup(mappings_cfg); - while ((cur = strsep(&next, ",")) && *cur) { - char *network, *bridge = cur; - const struct ovsrec_bridge *ovs_bridge; - - network = strsep(&bridge, ":"); - if (!bridge || !*network || !*bridge) { - VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'", - mappings_cfg); - break; - } - ovs_bridge = get_bridge(bridge_table, bridge); - if (!ovs_bridge) { - VLOG_WARN("Bridge '%s' not found for network '%s'", - bridge, network); - continue; - } - - shash_add(&bridge_mappings, network, ovs_bridge); - } - free(start); + add_ovs_bridge_mappings(ovs_table, bridge_table, &bridge_mappings); const struct sbrec_port_binding *binding; SBREC_PORT_BINDING_TABLE_FOR_EACH (binding, port_binding_table) { diff --git a/controller/patch.h b/controller/patch.h index 9018e4967..49b0b2e90 100644 --- a/controller/patch.h +++ b/controller/patch.h @@ -30,7 +30,11 @@ struct ovsrec_open_vswitch_table; struct ovsrec_port_table; struct sbrec_port_binding_table; struct sbrec_chassis; +struct shash; +void add_ovs_bridge_mappings(const struct ovsrec_open_vswitch_table *ovs_table, + const struct ovsrec_bridge_table *bridge_table, + struct shash *bridge_mappings); void patch_run(struct ovsdb_idl_txn *ovs_idl_txn, const struct ovsrec_bridge_table *, const struct ovsrec_open_vswitch_table *, From patchwork Tue Sep 24 16:39:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1166739 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46d6R73BdBz9sPc for ; Wed, 25 Sep 2019 02:41:45 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 78CB5DC6; Tue, 24 Sep 2019 16:40:18 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 97F84DBE for ; Tue, 24 Sep 2019 16:40:17 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 25966844 for ; Tue, 24 Sep 2019 16:40:17 +0000 (UTC) Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 715582BF73 for ; Tue, 24 Sep 2019 16:40:16 +0000 (UTC) Received: by mail-wr1-f70.google.com with SMTP id w10so828882wrl.5 for ; Tue, 24 Sep 2019 09:40:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Wzkq72uKvp2MDgVI9/nHsDlI3mkWsHB4tMbZ492iEZ8=; b=WBCbmwNXaVXY3haSvXbIgKJF9NGlVERGND8B80UAVApI5kk4O2rhH0AF8grVIk4+tD mSh/5Iq2YzR01Lh2WRcBk7+TlbhODHGpMjtv0u2wHYpdubhOXy2+aRQTg+L8VkwXP+i3 oET6gBtNcGQlH8Dk6NW09oq+OWd/o9ZAX6f4RZuuExqR9xhCGN9nOswE3STukcQtm+Qr Malcaw+rD9Uc9dh/RTCjT9YfE/+7Z40f3AZ3ebxAH1r7+3NlwEN4lEXgnYpm7aR49Cmg iSwcx7+dgtnK/pz367LflqWRZ1sDqY3G/zxBBWN3brYncRJ6gp36Uv64XecLwBxFchvU soNQ== X-Gm-Message-State: APjAAAXIFfFu6Xux/Ln2wEPQy9uvknPPWd+B5e9tTa3GPOdrASiuz8AT s4CxqQM1Z9R6AXpIAjXIkvbBcc6YMMDFbdDyq+eg9nxaQDezfoFdAbday2qqxezfH8QiCkGX9ub Oiq93X2Q2RME8OTLqFw== X-Received: by 2002:adf:ea92:: with SMTP id s18mr3124339wrm.137.1569343214842; Tue, 24 Sep 2019 09:40:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqwUkGnJrpVd/cQ9ZMJKJH0P2oqlHBjqxAUY/hNra6whcSlr+3ISaXyfSorJf4ND46zi+EZAfQ== X-Received: by 2002:adf:ea92:: with SMTP id s18mr3124320wrm.137.1569343214578; Tue, 24 Sep 2019 09:40:14 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id 207sm789321wme.17.2019.09.24.09.40.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Sep 2019 09:40:13 -0700 (PDT) From: Lorenzo Bianconi To: ovs-dev@openvswitch.org Date: Tue, 24 Sep 2019 18:39:55 +0200 Message-Id: <7889765a38b32e46a1cec24345f2c64c944f4f4b.1569342607.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v2 ovn 2/3] northd: add the possibility to define localnet as qos capable port X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Refactor allocate_chassis_queueid and free_chassis_queueid in order to get an unused queue_id even for localnet ports and add the the possibility to define localnet as qos capable port Acked-by: Dumitru Ceara Signed-off-by: Lorenzo Bianconi --- northd/ovn-northd.c | 45 ++++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f393cebb8..633fb502b 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -357,7 +357,7 @@ destroy_chassis_queues(struct hmap *set) } static void -add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid, +add_chassis_queue(struct hmap *set, const struct uuid *chassis_uuid, uint32_t queue_id) { struct ovn_chassis_qdisc_queues *node = xmalloc(sizeof *node); @@ -368,7 +368,7 @@ add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid, } static bool -chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid, +chassis_queueid_in_use(const struct hmap *set, const struct uuid *chassis_uuid, uint32_t queue_id) { const struct ovn_chassis_qdisc_queues *node; @@ -383,31 +383,38 @@ chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid, } static uint32_t -allocate_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis) +allocate_chassis_queueid(struct hmap *set, const struct uuid *uuid, char *name) { + if (!uuid) { + return 0; + } + for (uint32_t queue_id = QDISC_MIN_QUEUE_ID + 1; queue_id <= QDISC_MAX_QUEUE_ID; queue_id++) { - if (!chassis_queueid_in_use(set, &chassis->header_.uuid, queue_id)) { - add_chassis_queue(set, &chassis->header_.uuid, queue_id); + if (!chassis_queueid_in_use(set, uuid, queue_id)) { + add_chassis_queue(set, uuid, queue_id); return queue_id; } } static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); - VLOG_WARN_RL(&rl, "all %s queue ids exhausted", chassis->name); + VLOG_WARN_RL(&rl, "all %s queue ids exhausted", name); return 0; } static void -free_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis, +free_chassis_queueid(struct hmap *set, const struct uuid *uuid, uint32_t queue_id) { - const struct uuid *chassis_uuid = &chassis->header_.uuid; + if (!uuid) { + return; + } + struct ovn_chassis_qdisc_queues *node; HMAP_FOR_EACH_WITH_HASH (node, key_node, - hash_chassis_queue(chassis_uuid, queue_id), set) { - if (uuid_equals(chassis_uuid, &node->chassis_uuid) + hash_chassis_queue(uuid, queue_id), set) { + if (uuid_equals(uuid, &node->chassis_uuid) && node->queue_id == queue_id) { hmap_remove(set, &node->key_node); free(node); @@ -2650,15 +2657,23 @@ ovn_port_update_sbrec(struct northd_context *ctx, uint32_t queue_id = smap_get_int( &op->sb->options, "qdisc_queue_id", 0); bool has_qos = port_has_qos_params(&op->nbsp->options); + const struct uuid *uuid = NULL; struct smap options; + char *name = ""; + + if (!strcmp(op->nbsp->type, "localnet")) { + uuid = &op->sb->header_.uuid; + name = "localnet"; + } else if (op->sb->chassis) { + uuid = &op->sb->chassis->header_.uuid; + name = op->sb->chassis->name; + } - if (op->sb->chassis && has_qos && !queue_id) { + if (has_qos && !queue_id) { queue_id = allocate_chassis_queueid(chassis_qdisc_queues, - op->sb->chassis); + uuid, name); } else if (!has_qos && queue_id) { - free_chassis_queueid(chassis_qdisc_queues, - op->sb->chassis, - queue_id); + free_chassis_queueid(chassis_qdisc_queues, uuid, queue_id); queue_id = 0; } From patchwork Tue Sep 24 16:39:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1166741 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46d6RX4F2hz9sPL for ; Wed, 25 Sep 2019 02:42:16 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 347ACDCE; Tue, 24 Sep 2019 16:40:22 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E5599DC3 for ; Tue, 24 Sep 2019 16:40:21 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2427DB0 for ; Tue, 24 Sep 2019 16:40:21 +0000 (UTC) Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 57204859FB for ; Tue, 24 Sep 2019 16:40:20 +0000 (UTC) Received: by mail-wm1-f69.google.com with SMTP id k184so328254wmk.1 for ; Tue, 24 Sep 2019 09:40:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HI5e6NgwHYofTARALUkz3D/4vl27YCRmFC/fj8fq8iI=; b=Nx+PJFgmJwp1FfcZZF7xTpUb9dWesJMg4hgVPPIGLZEWfq0kZTXOiyWKnx6h1pctZu PXoERyHMpE3etLYXVuLSb5FvNms+BVf4Sb71UtOLzqmkgTOIqxviLIH5QkXSqQncNs4M TkfwcOqIAbV109V5rHoli2fzvrDLqNULbEGcM3eJajSD/VUd4LwJKUwR7Ir/ySs0Vhiz 5lSCdTe9DRcCpdG6pB/jqZMa2nDsBmXSTNfh/QZXcMGfJTJESLD0DHy8pN1zaNbEYgIa GxzSk+XjANdAxEiCmCydetwfoCms+ahmQ+KQuTPjc4LUQsoeFfeAn1NIhTVeAl/7/E3f e60g== X-Gm-Message-State: APjAAAVyNlGX61J5UbsrRODoA+7/wIbB1mjOxs2Mt02fH9PrACDQXiGV h+q0VHwWlX1h6AI8Gn2ZLGL17U4aWXidqlh44ylOW/Rb3LwcHs/xzpHmX/8M0ftnaLzUp12EdgU hREX3f7hWMb+OoRA5og== X-Received: by 2002:a1c:3281:: with SMTP id y123mr1057718wmy.34.1569343218770; Tue, 24 Sep 2019 09:40:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqyxjr5UvMAtpkAwXy/lDshvxj+e0CvEz+nl9Vs/phj81neD1sqTnXX9MsXFb6iI7R/luSp3Ow== X-Received: by 2002:a1c:3281:: with SMTP id y123mr1057696wmy.34.1569343218401; Tue, 24 Sep 2019 09:40:18 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id 207sm789321wme.17.2019.09.24.09.40.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Sep 2019 09:40:17 -0700 (PDT) From: Lorenzo Bianconi To: ovs-dev@openvswitch.org Date: Tue, 24 Sep 2019 18:39:56 +0200 Message-Id: X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v2 ovn 3/3] northd: introduce logical flow for localnet egress shaping X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Add set_queue() action for qos capable localnet port in S_SWITCH_OUT_PORT_SEC_L2 stage of logical swith pipeline Introduce build_lswitch_{input,outpur}_port_sec and refactor lswitch_port_security code in order to remove duplicated code Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- northd/ovn-northd.8.xml | 7 +- northd/ovn-northd.c | 231 ++++++++++++++++++++++++---------------- 2 files changed, 143 insertions(+), 95 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 0f4f1c112..093b55438 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1150,10 +1150,15 @@ output; eth.dst are always accepted instead of being subject to the port security rules; this is implemented through a priority-100 flow that matches on eth.mcast with action output;. - Finally, to ensure that even broadcast and multicast packets are not + Moreover, to ensure that even broadcast and multicast packets are not delivered to disabled logical ports, a priority-150 flow for each disabled logical outport overrides the priority-100 flow with a drop; action. + Finally if egress qos has been enabled on a localnet port, the outgoing + queue id is set through set_queue action. Please remember to + mark the corresponding physical interface with + ovn-egress-iface set to true in

Logical Router Datapaths

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 633fb502b..b1ece2d29 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -3903,6 +3903,140 @@ has_stateful_acl(struct ovn_datapath *od) return false; } +static void +build_lswitch_input_port_sec(struct hmap *ports, struct hmap *datapaths, + struct hmap *lflows) +{ + /* Logical switch ingress table 0: Ingress port security - L2 + * (priority 50). + * Ingress table 1: Ingress port security - IP (priority 90 and 80) + * Ingress table 2: Ingress port security - ND (priority 90 and 80) + */ + struct ds actions = DS_EMPTY_INITIALIZER; + struct ds match = DS_EMPTY_INITIALIZER; + struct ovn_port *op; + + HMAP_FOR_EACH (op, key_node, ports) { + if (!op->nbsp) { + continue; + } + + if (!lsp_is_enabled(op->nbsp)) { + /* Drop packets from disabled logical ports (since logical flow + * tables are default-drop). */ + continue; + } + + if (lsp_is_external(op->nbsp)) { + continue; + } + + ds_clear(&match); + ds_clear(&actions); + ds_put_format(&match, "inport == %s", op->json_key); + build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs, + &match); + + const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id"); + if (queue_id) { + ds_put_format(&actions, "set_queue(%s); ", queue_id); + } + ds_put_cstr(&actions, "next;"); + ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, + ds_cstr(&match), ds_cstr(&actions)); + + if (op->nbsp->n_port_security) { + build_port_security_ip(P_IN, op, lflows); + build_port_security_nd(op, lflows); + } + } + + /* Ingress table 1 and 2: Port security - IP and ND, by default + * goto next. (priority 0) + */ + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + if (!od->nbs) { + continue; + } + + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;"); + } + + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lswitch_output_port_sec(struct hmap *ports, struct hmap *datapaths, + struct hmap *lflows) +{ + struct ds actions = DS_EMPTY_INITIALIZER; + struct ds match = DS_EMPTY_INITIALIZER; + struct ovn_port *op; + + /* Egress table 8: Egress port security - IP (priorities 90 and 80) + * if port security enabled. + * + * Egress table 9: Egress port security - L2 (priorities 50 and 150). + * + * Priority 50 rules implement port security for enabled logical port. + * + * Priority 150 rules drop packets to disabled logical ports, so that + * they don't even receive multicast or broadcast packets. + */ + HMAP_FOR_EACH (op, key_node, ports) { + if (!op->nbsp || lsp_is_external(op->nbsp)) { + continue; + } + + ds_clear(&actions); + ds_clear(&match); + + ds_put_format(&match, "outport == %s", op->json_key); + if (lsp_is_enabled(op->nbsp)) { + build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs, + &match); + + if (!strcmp(op->nbsp->type, "localnet")) { + const char *queue_id = smap_get(&op->sb->options, + "qdisc_queue_id"); + if (queue_id) { + ds_put_format(&actions, "set_queue(%s); ", queue_id); + } + } + ds_put_cstr(&actions, "output;"); + ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50, + ds_cstr(&match), ds_cstr(&actions)); + } else { + ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150, + ds_cstr(&match), "drop;"); + } + + if (op->nbsp->n_port_security) { + build_port_security_ip(P_OUT, op, lflows); + } + } + + /* Egress tables 8: Egress port security - IP (priority 0) + * Egress table 9: Egress port security L2 - multicast/broadcast + * (priority 100). */ + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + if (!od->nbs) { + continue; + } + + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast", + "output;"); + } + + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_pre_acls(struct ovn_datapath *od, struct hmap *lflows) { @@ -4974,61 +5108,12 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, * to the next table if packet source is acceptable. */ } - /* Logical switch ingress table 0: Ingress port security - L2 - * (priority 50). - * Ingress table 1: Ingress port security - IP (priority 90 and 80) - * Ingress table 2: Ingress port security - ND (priority 90 and 80) - */ - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - - if (!lsp_is_enabled(op->nbsp)) { - /* Drop packets from disabled logical ports (since logical flow - * tables are default-drop). */ - continue; - } - - if (lsp_is_external(op->nbsp)) { - continue; - } - - ds_clear(&match); - ds_clear(&actions); - ds_put_format(&match, "inport == %s", op->json_key); - build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs, - &match); - - const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id"); - if (queue_id) { - ds_put_format(&actions, "set_queue(%s); ", queue_id); - } - ds_put_cstr(&actions, "next;"); - ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, - ds_cstr(&match), ds_cstr(&actions)); - - if (op->nbsp->n_port_security) { - build_port_security_ip(P_IN, op, lflows); - build_port_security_nd(op, lflows); - } - } - - /* Ingress table 1 and 2: Port security - IP and ND, by default goto next. - * (priority 0)*/ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;"); - } + build_lswitch_input_port_sec(ports, datapaths, lflows); /* Ingress table 11: ARP/ND responder, skip requests coming from localnet * and vtep ports. (priority 100); see ovn-northd.8.xml for the * rationale. */ + struct ovn_port *op; HMAP_FOR_EACH (op, key_node, ports) { if (!op->nbsp) { continue; @@ -5651,49 +5736,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } } - /* Egress tables 8: Egress port security - IP (priority 0) - * Egress table 9: Egress port security L2 - multicast/broadcast - * (priority 100). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast", - "output;"); - } - - /* Egress table 8: Egress port security - IP (priorities 90 and 80) - * if port security enabled. - * - * Egress table 9: Egress port security - L2 (priorities 50 and 150). - * - * Priority 50 rules implement port security for enabled logical port. - * - * Priority 150 rules drop packets to disabled logical ports, so that they - * don't even receive multicast or broadcast packets. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || lsp_is_external(op->nbsp)) { - continue; - } - - ds_clear(&match); - ds_put_format(&match, "outport == %s", op->json_key); - if (lsp_is_enabled(op->nbsp)) { - build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs, - &match); - ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50, - ds_cstr(&match), "output;"); - } else { - ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150, - ds_cstr(&match), "drop;"); - } - - if (op->nbsp->n_port_security) { - build_port_security_ip(P_OUT, op, lflows); - } - } + build_lswitch_output_port_sec(ports, datapaths, lflows); ds_destroy(&match); ds_destroy(&actions);